Repository: ambari Updated Branches: refs/heads/branch-2.4 70b20b20b -> ceba590c7
AMBARI-18019. Referring component level identity is not working for ranger-atlas-plugin(mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ceba590c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ceba590c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ceba590c Branch: refs/heads/branch-2.4 Commit: ceba590c71a72f89c8da0d973ac660a9b42ec058 Parents: 70b20b2 Author: Mugdha Varadkar <mug...@apache.org> Authored: Thu Aug 4 23:57:01 2016 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Fri Aug 5 15:54:05 2016 +0530 ---------------------------------------------------------------------- .../ATLAS/0.7.0.2.5/kerberos.json | 23 +++++++++++++++++++- .../RANGER/0.4.0/package/scripts/params.py | 10 +++++---- 2 files changed, 28 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/ceba590c/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json index 2be4b7d..a9da650 100644 --- a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json @@ -15,6 +15,16 @@ "atlas.jaas.KafkaClient.option.serviceName": "${kafka-env/kafka_user}", "atlas.solr.kerberos.enable": "true" } + }, + { + "ranger-atlas-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } } ], "auth_to_local_properties" : [ @@ -46,7 +56,8 @@ } }, { - "name": "/ATLAS/ATLAS_SERVER/atlas", + "name": "atlas_auth", + "reference": "/ATLAS/ATLAS_SERVER/atlas", "principal": { "configuration": "application-properties/atlas.authentication.principal" }, @@ -63,6 +74,16 @@ "keytab": { "configuration": "application-properties/atlas.authentication.method.kerberos.keytab" } + }, + { + "name": "ranger_atlas_audit", + "reference": "/ATLAS/ATLAS_SERVER/atlas", + "principal": { + "configuration": "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab" + } } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/ceba590c/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index 43c767d..e63627d 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -140,14 +140,14 @@ ranger_external_url = config['configurations']['admin-properties']['policymgr_ex if ranger_external_url.endswith('/'): ranger_external_url = ranger_external_url.rstrip('/') ranger_db_name = config['configurations']['admin-properties']['db_name'] -ranger_auditdb_name = config['configurations']['admin-properties']['audit_db_name'] +ranger_auditdb_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits') sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER'] db_root_user = config['configurations']['admin-properties']['db_root_user'] db_root_password = unicode(config['configurations']['admin-properties']['db_root_password']) db_host = config['configurations']['admin-properties']['db_host'] ranger_db_user = config['configurations']['admin-properties']['db_user'] -ranger_audit_db_user = config['configurations']['admin-properties']['audit_db_user'] +ranger_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger') ranger_db_password = unicode(config['configurations']['admin-properties']['db_password']) #ranger-env properties @@ -214,8 +214,10 @@ ranger_credential_provider_path = config["configurations"]["ranger-admin-site"][ ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"] ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"]) -ranger_jpa_audit_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.audit.jdbc.credential.alias"] if stack_supports_ranger_audit_db else None -ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"]) if stack_supports_ranger_audit_db else None +ranger_jpa_audit_jdbc_credential_alias = default('/configurations/ranger-admin-site/ranger.jpa.audit.jdbc.credential.alias', 'rangeraudit') +ranger_ambari_audit_db_password = '' +if not is_empty(config["configurations"]["admin-properties"]["audit_db_password"]) and stack_supports_ranger_audit_db: + ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"]) ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"] ugsync_cred_lib = os.path.join(usersync_home,"lib","*")
